Настройка сервера на OpenBSD 6-6.3

------Install OpenBSD 6.0---------------------
boot file install60.fs and SHA256SUM OpenBSD from site1;
check it in lunux:
sha256sum install60.fs
cat SHA256SUM | grep install60.fs
Birn filesystem in flash pendrive ( example /dev/sdc - show #fdisk -l):
dd if=install60.fs of=/dev/sdc bs=1M
reboot now and extract flashdrive to insert new system comp.
boot from pendrive pushed f8...f12 throuth boot and select S.
fdisk -u wd0
fdisk -iy wd0
disklabel -E wd0
If you will delete all partitions set:
>z
>w
>q
and go:
disklabel -E wd0
>a b
size [xxxxxxxx] 2g
FS type: [swap]
>a a
size [xxxxxxxx] *
FS type: RAID
>w
>q
bioctl -c C -l /dev/wd0a softraid0
enter your passphrase
will echoed:
softraid0: CRYPTO volume attached as sd1 (Memory this name - sd1!!!)
exit
I(as Install)
Which disk is the root disk? ('?' for details) [wd0]:
>sd1
You'll use the encrypted pseudo-device sd0 instead of wd1.
------Добавим пользователя "user123":---------
# pkg_add sudo
# uaseradd -m -G wheel user123
# passwd user123
# echo 'user123 ALL=(ALL) SETENV: ALL' >> /etc/sudoers
# reboot
-----------restore root password:----------------
boot> boot -s
# fsck -p / && mount -uw /
# fsck -p /usr && mount /usr
# passwd
to change the root password.Entering "CTRL-D" to resume.
----------PF firewall:---------------------------
включаем:
pfctl -e
тестируем перед применением:
pfctl -nf /etc/pf.conf
или так подробнее протестируем:
pfctl -vvnf /etc/pf.conf
смотрим текущие правила:
pftcl -s rules
сбрасываем текущие правила:
# pfctl -Fs
и включаем их снова:
# pfctl -f /etc/pf.conf
Rules file structure (strictly!):
1)Macros: User-defined variables that can hold IP addresses, interface names, etc.
2)Tables: A structure used to hold lists of IP addresses.
3)Options: Various options to control how PF works.
4)Filter Rules: Allows the selective filtering or blocking of packets as they pass through any of the interfaces. Filter rules can be given parameters to specify network address translation and packet redirection. 
Rule structure (simple):
action [direction] [log] [quick] [on interface] [af] [proto protocol] [from src_addr [port src_port]] [to dst_addr [port dst_port]]
Reread rules after modifying:
pfctl -Fs && sh /etc/netstart && pfctl -f /etc/pf.conf
Для просмотра журнального файла выполните команду
# tcpdump -n -e -ttt -r /var/log/pflog
Для просмотра журнала в режиме реального времени:
# tcpdump -n -e -ttt -i pflog0
--------------Security update (for OpenBSD v6.0):--------------
pkg_add -u
---update core system???:-------
cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_0 -P src
If you are following the 6.0 -stable branch:
cd /usr/src
cvs -q up -rOPENBSD_6_0 -Pd
--------------BAMP:------------------------------
pkg_add apache-httpd
/etc/rc.d/apache2 start
To start at boot, edit "/etc/rc.conf.local":
>>>>>start:>>>>>>>>>>
  httpd_flags=
  pkg_scripts=php_fpm
<<<<<>>>>добавляем строки для MariaDB (MySQL):
[client]
default-character-set=utf8
...
[mysqld]
skip-character-set-client-handshake
character-set-server = utf8
init-connect='SET NAMES utf8'
collation-server=utf8_general_ci
...
[mysqldump]
default-character-set=utf8
...
:x
sudo service mysql restart
и проверяем насртоенные кодировки:
mysql -uroot -p
смотрим настроеные кодировки:
show variables like "char%";
----------------BAMP(PHP7)-----------------------
pkg_add apache-httpd
pkg_add php
..and other commands...
---------------Services:-------------------------
rcctl restart sshd
--------------aliases:----------------------------
add line in start script position:
[ -r ~/.kshrc ] && . ~/.kshrc
...
close and edit .kshrc
>>>>>>>>>>>>>start:>>>>>>>>>
alias www="cd /var/www/htdocs/app/;vim ."
<<<<<<<<<<